Erik Sjölund discovered that zhcon, a fast console CJK system using the Linux framebuffer, accesses a user-controlled configuration file with elevated privileges. Thus, it is possible to read arbitrary files.

For the stable distribution (woody) this problem has been fixed in version 0.2-4woody3.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your zhcon package.

Upgrade Instructions---------------------

wget url will fetch the file for youdpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below: